SonarQube Token

Description

General

  • Documentation: https://docs.sonarqube.org/latest/extend/web-api/
  • Summary: SonarQube is an open-source platform for continuous inspection of code quality and detection of code vulnerabilities. SonarQube provides a web API to access its functionalities from applications. This detector focuses on detecting the SaaS token format (which is scope-agnostic) and the on-prem prefixed user, global analysis and project analysis tokens used to authenticate API calls.

Revoke the secret

Tokens can be revoked from the Security tab of the user account. For on-premise instances of SonarQube, go to User > My Account > Security and click the Revoke button.

Details for SonarQube Token

  • Family: token

  • Category: code_analysis

  • Company: SonarQube

  • High recall: False

  • Validity check available: True

  • Analyzer available: False

  • On-premise instances exist: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 12.35

  • Prefixed: False

Details for SonarQube Token with Prefix

  • Family: token

  • Category: code_analysis

  • Company: SonarQube

  • High recall: False

  • Validity check available: True

  • Analyzer available: False

  • On-premise instances exist: True

  • Only valid secrets raise an alert: False

  • Minimum number of matches: 1

  • Occurrences found for one million commits: 9.01

  • Prefixed: False